Store Certificates in encrypted partition , how ?

plusorc
Posts: 36
Joined: Sat Nov 09, 2019 6:27 am

Postby plusorc » Wed Nov 27, 2019 2:52 am

Hello

I always used SPIFFS, they are great for storage. They have a way to upload while building and they are super easy to work with.
The only downside now is it can't be encrypted, so I look for NVS. I found lots of posts here about sector size and each file shouldn't exceed 2KB??
Some certificates (mutual authentication) exceed 3KB.
So now I look for a FAT partition. Looks like a simple thing, similar to SPIFFS but with encryption.

Now, the problem is I need a way to upload certificates while building, not in a separate process like the MakeFATfs tool (can't remember the name correctly, sorry).

So, I guess my question is...
- Is there any tool in esp-idf that can upload to a FAT partition during building & flashing (not a separate tool)?

- If NVS can support 3.2KB or slightly more, is there any tool to upload the files during the build and flash stage?
I know about the MFG? tool, but again, what I need is something like the folder you make with SPIFFS and put Make directives, so all end up uploaded to the chip in its partition.

Note:
- I used to embed the keys in the bin, but that is not an option now.
- I've seen a post about no upload tool for FAT partitions, but that was 2017 or something? Any changes?

Any advice on that situation please? From other posts, it's clear lots of people faced this before.

Thanks

jcsbanks
Posts: 305
Joined: Tue Mar 28, 2017 8:03 pm

Re: Store Certificates in encrypted partition , how ?

Postby jcsbanks » Wed Nov 27, 2019 9:21 am

NVS as blob to avoid string limit. There is an Espressif tool to make NVS partition data.
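
The blob approach suggested above, as an added example that is not part of the original posts or Espressif's code: a Python helper that writes the CSV input for Espressif's NVS partition generator (`nvs_partition_gen.py`), with one `file,binary` row per certificate so each is stored as a blob rather than a string. The `certs` namespace, the file suffixes and the function names are assumptions made for illustration.

```python
import csv
import io
import re
from pathlib import Path

NVS_KEY_MAX = 15  # NVS keys and namespace names are limited to 15 characters


def nvs_key_for(path: Path) -> str:
    """Derive an NVS key from a file name, e.g. client-cert.pem -> client_cert."""
    key = re.sub(r"[^A-Za-z0-9_]", "_", path.stem)
    if not key or len(key) > NVS_KEY_MAX:
        raise ValueError(f"{path.name}: NVS key '{key}' must be 1-{NVS_KEY_MAX} characters")
    return key


def build_nvs_csv(cert_dir, namespace="certs", suffixes=(".pem", ".crt", ".key", ".der")):
    """Return CSV text with one 'file,binary' (blob) row per certificate file."""
    if not namespace or len(namespace) > NVS_KEY_MAX:
        raise ValueError(f"namespace must be 1-{NVS_KEY_MAX} characters")
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["key", "type", "encoding", "value"])
    writer.writerow([namespace, "namespace", "", ""])
    seen = {}  # key -> file name, to catch two files collapsing to one key
    for path in sorted(Path(cert_dir).iterdir()):
        if not path.is_file() or path.suffix.lower() not in suffixes:
            continue
        key = nvs_key_for(path)
        if key in seen:
            raise ValueError(f"{path.name} and {seen[key]} map to the same key '{key}'")
        if path.stat().st_size == 0:
            raise ValueError(f"{path.name} is empty")
        seen[key] = path.name
        # 'file' + 'binary' makes the generator store the file contents as a blob
        writer.writerow([key, "file", "binary", path.as_posix()])
    if not seen:
        raise ValueError(f"no certificate files found in {cert_dir}")
    return out.getvalue()
```

The returned text is what would be saved as the generator's input CSV; on the device each entry is then read back by key with `nvs_get_blob()`.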

plusorc
Posts: 36
Joined: Sat Nov 09, 2019 6:27 am

Re: Store Certificates in encrypted partition , how ?

Postby plusorc » Thu Nov 28, 2019 2:00 am

jcsbanks wrote: NVS as blob to avoid string limit. There is an Espressif tool to make NVS partition data.
Thank you for the suggestion, but this will require the 2-stage flashing as well.

WiFive
Posts: 3529
Joined: Tue Dec 01, 2015 7:35 am

Re: Store Certificates in encrypted partition , how ?

Postby WiFive » Thu Nov 28, 2019 3:12 am

You just need to make a version of this for your chosen format https://github.com/espressif/esp-idf/bl ... lude.cmake

plusorc
Posts: 36
Joined: Sat Nov 09, 2019 6:27 am

Re: Store Certificates in encrypted partition , how ?

Postby plusorc » Fri Nov 29, 2019 1:26 pm

Thanks for pointing that out.
I'm not sure how to work with offsets in that case.

My partition table has no offsets (only partition sizes) in anticipation of the bootloader expansion after enabling secure boot and flash encryption.
I'm looking for a similar way to SPIFFS because it will save me the offset trouble.

Obviously I can't determine that now because I didn't enable secure boot and flash encryption, but I'll look for how it's done with SPIFFS because apparently with no offsets in the table SPIFFS gets allocated automatically.

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: Store Certificates in encrypted partition , how ?

Postby ESP_Angus » Tue Dec 03, 2019 6:14 am

Hi plusorc,

Which ESP-IDF version and build system (CMake or GNU Make) are you using?

Angus
